Add-AzureKeyVaultManagedStorageAccount

Adds an existing Azure Storage Account to the specified key vault for its keys to be managed by the Key Vault service.

Syntax

Add-AzureKeyVaultManagedStorageAccount
   [-VaultName] <String>
   [-AccountName] <String>
   [-AccountResourceId] <String>
   [-ActiveKeyName] <String>
   [-Confirm]
   [-Disable]
   [-DisableAutoRegenerateKey]
   [-RegenerationPeriod <TimeSpan>]
   [-Tag <Hashtable>]
   [-WhatIf]
   [<CommonParameters>]

Description

Sets up an existing Azure Storage Account with Key Vault so that the Storage Account keys are managed by Key Vault. The Storage Account must already exist. The Storage Account keys are never exposed to the caller. Key Vault automatically regenerates the keys and switches the active key based on the regeneration period.

Examples

Example 1: Set an Azure Storage Account with Key Vault to manage its keys

PS C:\> $regenerationPeriod = [System.Timespan]::FromDays(90)
PS C:\> Add-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' -AccountResourceId '/subscriptions/<subscription id>/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount' -ActiveKeyName 'key1' -RegenerationPeriod $regenerationPeriod

Sets a Storage Account with Key Vault for its keys to be managed by Key Vault. The active key is set to 'key1'. This key will be used to generate SAS tokens. Key Vault will regenerate the 'key2' key once the regeneration period has elapsed from the time of this command and set it as the active key. This auto regeneration process will continue to alternate between 'key1' and 'key2' with a gap of 90 days.

Example 2: Set a Classic Azure Storage Account with Key Vault to manage its keys

PS C:\> $regenerationPeriod = [System.Timespan]::FromDays(90)
PS C:\> Add-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' -AccountResourceId '/subscriptions/<subscription id>/resourceGroups/myresourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/mystorageaccount' -ActiveKeyName 'Primary' -RegenerationPeriod $regenerationPeriod

Sets a Classic Storage Account with Key Vault for its keys to be managed by Key Vault. The active key is set to 'Primary'. This key will be used to generate SAS tokens. Key Vault will regenerate the 'Secondary' key once the regeneration period has elapsed from the time of this command and set it as the active key. This auto regeneration process will continue to alternate between 'Primary' and 'Secondary' with a gap of 90 days.
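
The alternation described in Examples 1 and 2, projected as a schedule. This is an added example, not part of the original reference page or of the Azure PowerShell module: it makes no Azure calls, the function names Get-ManagedStorageKeyPair and Get-KeyRotationSchedule are hypothetical, and the subscription id and onboarding date are constructed sample values.

```powershell
# Added example: models the key alternation from Examples 1 and 2. Makes no Azure calls.
# Function names are hypothetical; they are not part of any Azure module.
function Get-ManagedStorageKeyPair {
    param([Parameter(Mandatory)][string]$AccountResourceId)
    # Key names as used on this page: Example 1 (Microsoft.Storage), Example 2 (classic).
    switch -Regex ($AccountResourceId) {
        '/providers/Microsoft\.Storage/storageAccounts/[^/]+$'        { return @('key1', 'key2') }
        '/providers/Microsoft\.ClassicStorage/storageAccounts/[^/]+$' { return @('Primary', 'Secondary') }
        default { throw "Not a storage account resource id: $AccountResourceId" }
    }
}

function Get-KeyRotationSchedule {
    param(
        [Parameter(Mandatory)][string]$AccountResourceId,
        [Parameter(Mandatory)][string]$ActiveKeyName,
        [Parameter(Mandatory)][TimeSpan]$RegenerationPeriod,
        [DateTime]$OnboardedAt = (Get-Date),
        [int]$Rotations = 4
    )
    $keys = Get-ManagedStorageKeyPair -AccountResourceId $AccountResourceId
    if ($keys -notcontains $ActiveKeyName) {
        throw "ActiveKeyName '$ActiveKeyName' must be one of: $($keys -join ', ')"
    }
    if ($RegenerationPeriod -le [TimeSpan]::Zero) { throw 'RegenerationPeriod must be positive.' }

    $active = $ActiveKeyName
    for ($i = 1; $i -le $Rotations; $i++) {
        # The inactive key is regenerated and becomes the new active key.
        $next = $keys | Where-Object { $_ -ne $active }
        [pscustomobject]@{
            Rotation       = $i
            At             = $OnboardedAt + [TimeSpan]::FromTicks($RegenerationPeriod.Ticks * $i)
            RegeneratedKey = $next     # new active key from this point on
            DemotedKey     = $active   # keeps its value until the following rotation
        }
        $active = $next
    }
}

# Constructed sample input: placeholder subscription id and onboarding date.
$rid = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup' +
       '/providers/Microsoft.Storage/storageAccounts/mystorageaccount'
Get-KeyRotationSchedule -AccountResourceId $rid -ActiveKeyName 'key1' `
    -RegenerationPeriod ([TimeSpan]::FromDays(90)) -OnboardedAt ([DateTime]'2024-01-01') |
    Format-Table Rotation, At, RegeneratedKey, DemotedKey
```

Each key is regenerated one full period after it is demoted, so a SAS token signed with it stops validating at that rotation whatever expiry the token itself carries.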

Required Parameters

-AccountName

Key Vault managed storage account name. The cmdlet constructs the FQDN of a managed storage account name from the vault name, the currently selected environment and the managed storage account name.

Type: String
Aliases: StorageAccountName, Name
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-AccountResourceId

Azure resource id of the storage account.

Type: String
Aliases: StorageAccountResourceId
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ActiveKeyName

Name of the storage account key that must be used for generating SAS tokens.

Type: String
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-VaultName

Vault name. The cmdlet constructs the FQDN of a vault based on the name and the currently selected environment.

Type: String
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Disable

Disables the use of the managed storage account's key for generating SAS tokens.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DisableAutoRegenerateKey

Controls the auto regenerate key setting; specifying this switch turns auto regeneration off. If auto regenerate is true, the managed storage account's inactive key is auto regenerated and becomes the new active key after the regeneration period. If it is false, the keys of the managed storage account are not auto regenerated.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RegenerationPeriod

Regeneration period. If auto regenerate key is enabled, this value specifies the timespan after which the managed storage account's inactive key gets auto regenerated and becomes the new active key.

Type: TimeSpan
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Tag

A hashtable representing the tags of the managed storage account.

Type: Hashtable
Aliases: Tags
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Inputs

System.String

System.Management.Automation.SwitchParameter

System.Nullable`1[[System.TimeSpan, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

System.Collections.Hashtable

Outputs

Microsoft.Azure.Commands.KeyVault.Models.ManagedStorageAccount